You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@subversion.apache.org by SteveKing <st...@gmx.ch> on 2003/11/06 14:21:57 UTC

signing commits

Hi,

Just came to read this:
http://kerneltrap.org/node/view/1584
and it made me think. Could this happen
with subversion too?

If you read the posts below the news 
Andreas Dilgers wonders if it's possible
to add GPG signatures to BK - I'm
wondering now if this could be done
with subversion?

Stefan


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org

Re: signing commits

Posted by SteveKing <st...@gmx.ch>.

----- Original Message ----- 
From: "Jani Averbach" <ja...@cc.jyu.fi>
> 
> Well there have been some loose talk about that.
> 
> http://www.contactor.se/~dast/svn/archive-2003-01/1091.shtml
> 

According to that discussion it wouldn't be easy
to do that. :(

Stefan


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org

Re: signing commits

Posted by Jani Averbach <ja...@cc.jyu.fi>.

On 2003-11-06 15:21+0100, SteveKing wrote:

> Andreas Dilgers wonders if it's possible
> to add GPG signatures to BK - I'm
> wondering now if this could be done
> with subversion?
> 

Well there have been some loose talk about that.

http://www.contactor.se/~dast/svn/archive-2003-01/1091.shtml


BR, Jani

-- 
Jani Averbach


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org

Re: signing commits

Posted by Timothee Besset <tt...@idsoftware.com>.

You could sign each revision with the PGP key of the commiter. i.e.
compute the checksum of the diff ( with MD5 or whatever ), and sign it.
Could even be stored on the SVN server itself. If the server is
compromised, they still can't fake a correct signature.

Problem though is how to reconstruct the checksum of the changes locally
when you do svn update ?

TTimo

On Thu, 6 Nov 2003 15:21:57 +0100
"SteveKing" <st...@gmx.ch> wrote:

> Hi,
> 
> Just came to read this:
> http://kerneltrap.org/node/view/1584
> and it made me think. Could this happen
> with subversion too?
> 
> If you read the posts below the news 
> Andreas Dilgers wonders if it's possible
> to add GPG signatures to BK - I'm
> wondering now if this could be done
> with subversion?
> 
> Stefan
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
> For additional commands, e-mail: users-help@subversion.tigris.org
> 
> 

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org